Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 288227 - sys-apps/sandbox-2.1 issue with sys-apps/coreutils[static]
Summary: sys-apps/sandbox-2.1 issue with sys-apps/coreutils[static]
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Sandbox (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Sandbox Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-10-08 18:12 UTC by RB
Modified: 2009-10-26 14:26 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description RB 2009-10-08 18:12:11 UTC 
This is probably related to one of the several bugs filed against sandbox with static apps (bug 264478, bug 280139, and particularly bug 265885), but since it's not precisely the same I figured I'd open a new one.

The specific behavior is when /bin/cp calls utimensat() from lib/utimens.c:gl_futimens(), most repeatably when calling 'cp -r --preserve=timestamps' where there are multiple sub-directories containing at least one file to copy.  Test case:

1.  Obtain static 'cp' executable (sys-apps/coreutils[static] doesn't complete building on amd64).
2.  Install >= sys-apps/sandbox-1.7 (1.6 doesn't exhibit this behavior)
3.  Perform the following:
# cd /var/tmp
# mkdir -p t1/foo
# mkdir -p t1/bar
# mkdir t2
# touch t1/foo/baz
# touch t1/bar/baz
# sandbox /usr/local/bin/cp -vrp t1 t2
`t1' -> `t2/t1'
`t1/foo' -> `t2/t1/foo'
`t1/foo/baz' -> `t2/t1/foo/baz'
# echo $?
137

The '-v' isn't necessary, but illustrates premature termination after completing the first directory - added debugging statements indicate the call to utimensat() in lib/utimens.c:95 (coreutils-7.6) never returns.  For some reason I can't get sandbox to print an access violation now (or even a debug log), but for a while it was consistently indicating './cp' was trying to access '/XX9', where X was a repeated pair of non-ascii characters (obviously junk).

Unfortunately, sandbox' use of ptrace prevents my digging any deeper into this in a reasonable timeframe.  It was initially discovered while installing sys-libs/db-4.8.24 on a ~x86 hardened system with static coreutils, but I've since reproduced it on an ~amd64 default/linux/amd64/10.0 workstation.
Comment 1 SpanKY gentoo-dev 2009-10-08 19:18:19 UTC 
you need to be testing the latest version (2.1).  results with older versions isnt interesting.
Comment 2 RB 2009-10-08 19:31:37 UTC 
If I've gone to this level of analysis, it would have been awfully foolish for me to not test against the latest version.

# sandbox --version
Gentoo path sandbox
 version: 2.1
 C lib:   libc.so.6 (/lib64/libc.so.6)
 build:   Sep 29 2009 08:13:06
 contact: sandbox@gentoo.org via http://bugs.gentoo.org/
 rtld:    next is OK! :D
 schizo:  x86_64:-m64 x86:-m32

configured with these options:
--prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --libdir=/usr/lib64 build_alias=x86_64-pc-linux-gnu host_alias=x86_64-pc-linux-gnu CC= CFLAGS=-march=nocona -O2 -fomit-frame-pointer -pipe LDFLAGS=-Wl,-O1 CPPFLAGS=
Comment 3 SpanKY gentoo-dev 2009-10-08 21:02:01 UTC 
not everyone tests things correctly, and comparing the behavior of 1.7 to 2.1 isnt really correct since it's had plenty of fixes
Comment 4 SpanKY gentoo-dev 2009-10-26 07:08:59 UTC 
thanks for the analysis.  as you point out, the utimensat code was parsing garbage because it skipped one too many function arguments.  should be fixed in sandbox-2.2 now.

http://git.overlays.gentoo.org/gitweb/?p=proj/sandbox.git;a=commitdiff;h=ae95bc8deb1894292a26aea88490ba00f2d68c2a
Comment 5 RB 2009-10-26 14:26:18 UTC 
Confirmed fixed; it's just icing on the cake that you added the tests for it as well.  Thanks for going above and beyond!